Thách thức là để xác định làm thế nào bảo đảm phải có sự khác biệt khi chạy các cơ sở hạ tầng ảo. Các dịch vụ ảo (VSOs) sẽ chạy tất cả các dịch vụ mạng người dùng cuối tương tác với. Vì vậy, các biện pháp bảo mật truyền thống mà bạn thực hiện khi xây dựng và thiết kế các dịch vụ này vẫn còn áp dụng. | The challenge is to identify how security must differ when running virtual infrastructures. Virtual service offerings VSOs will run all of the networked services your end users interact with. Therefore the traditional security measures you undertake when building and designing these services still apply. The fact that users interact with virtual machines instead of physical machines does not change the need for tight security at all levels in this infrastructure. What does change is how you secure resource pools. By their very nature resource pools are not designed to interact with users. They are nothing more than host servers that run a virtualization engine. Because of this they are dealt with by administrators and technicians only. An end user running Microsoft Office Outlook will never have any interaction with the resource pool itself. Instead the end user will interact with a number of different virtual machines running Active Directory Domain Services Microsoft Exchange and perhaps a collaboration engine such as Microsoft Office SharePoint Server. Because all of these machines are virtual users and host or physical servers have no direct interaction see Figure 8-1 . Administrators Technicians FIGURE 8-1 The natural segregation of resource pools and virtual service offerings Securing Hosts and Virtual Machines CHAPTER 8 433 This segregation of the two environments is what forms the key to the protection of your resource pool and the VMs it runs. This is the focus of this chapter. Exam objective in this chapter Manage and optimize Hyper-V Server. Before You Begin To complete this chapter you must have Experience with Windows Server 2003 and or Windows Server 2008 security implementations. Access to a setup as described in the Introduction. In this case you need to access host servers as well as virtual machines running domain controller services and SCVMM and an administrative workstation. 434 CHAPTER 8 Securing Hosts and Virtual Machines Lesson 1 Securing .